CVE-2024-8875

Name of the Vulnerable Software and Affected Versions: vedees wcms versions up to 0.3.2

Description: A critical vulnerability was found in vedees wcms, affecting an unknown functionality of the file /wex/finder.php. The manipulation of the p argument leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. There are reports of elevated activities targeting vedees wcms.

Recommendations: For versions up to 0.3.2, as a temporary workaround, consider restricting access to the /wex/finder.php file until a patch is available. Avoid manipulating the p argument in the affected file to minimize the risk of exploitation. Review logs for signs of compromise. Patch immediately when a fix is available.